(Flexible working/ 3 days from home)
Financial Services client is looking to expand there Infrastructure Security division due to a global transformation and change program.
- Work with the Head of Infrastructure Security and other key stakeholders to define and implement an organisation wide infrastructure security strategy including information protection and application security strategy, to help ensure policies and standards and other industry requirements are met.
- Manage the day-to-day infrastructure security processes operated by the Information Protection Analyst, Application Security Analyst and third party providers in the areas of:
- Vulnerability management and network security (firewall management, web filtering, NAC, network intrusion detection, email security, endpoint and server protection etc.)
- Information protection (Data Loss Prevention management and key management)
- Application security (pre and post development control implementation and testing and provide oversight and challenge when security events arise and risks are raised, to help ensure risks are remediated effectively.
- Identify new technologies and methods which can help enhance infrastructure security processes; and review and test these proposed technologies to help ensure risk areas are effectively addressed.
- Track and report on risk metrics and remediation activity for vulnerability management and network security, information protection and application security to help ensure that senior stakeholders within Group IT and business divisions are aware of key vulnerabilities and risks within the organisation.
- Provide an escalation point for infrastructure security events and coordinate with the security operations team and incident management personnel to ensure that any incidents are managed in a timely and effective manner.
- Accomplished in designing secure networks (firewall/IPS/IDS) systems, endpoint security (Anti-virus, malware detection, data loss prevention) systems, security testing solutions etc.
- Adept at designing and developing threat detection and protection solutions at various network and domain services level (proxy/email/content filtering/backup/file & print/patching)
- Knowledge of various operating systems such as Windows, Linux and Unix
- Ability to monitor third-party suppliers for SLA adherence and compliance with established key risk and performance indicators
- Extensive knowledge of infrastructure components, networks, applications, middleware and databases for identifying and addressing security threats
- Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
- Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player
- Strong analytical skills
Education & Qualifications
- Bachelor's degree (preferred but not essential) or equivalent experience in computer science, IT engineering, or related field
- An MSc Information Security or equivalent would be an advantage
- Information Security and/or Information Technology industry certification (CEH, CISSP, CISM, GIAC or equivalent) strongly preferred
- Member of IISP or have the qualification, skills and experience to become a member
Eames Consulting is acting as an Employment Agency in relation to this vacancy.